Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo Remnants

Started by rrush , Apr 06 2009 09:20 PM

  • Please log in to reply

#1
rrush
Posted 06 April 2009 - 09:20 PM

rrush

    Member

  • Member
  • PipPip
  • 66 posts
I've worked on this machine to clean up multiple infections. Although everything is running OK now, there are references to DLLs showing at startup of the limited account. Nothing is loading that I can see (the messages are that the DLL can't load...the specified module cannot be found) Need to find where those load instructions are hiding.
The 3 DLLs mentioned are kejowigi.dll, mujemele.dll and viberisa.dll

I'd appreciate someone looking this over to see what I've missed.

Below is the OTList log.

OTListIt logfile created on: 4/6/2009 11:03:28 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.12.1 Folder = C:\Documents and Settings\Tech\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 404.31 Mb Available Physical Memory | 42.18% Memory free
2.26 Gb Paging File | 1.73 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.55 Gb Total Space | 100.83 Gb Free Space | 71.23% Space Free | Partition Type: NTFS
Drive D: | 7.48 Gb Total Space | 0.47 Gb Free Space | 6.32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Tech
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\eSnips\ClientGW.exe (eSnips Ltd.)
PRC - C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tech\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MBackMonitor [Auto | Running]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Boot | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bb-run [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
DRV - (DCamUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emDevice.sys (eMPIA Technology, Inc.)
DRV - (emAudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH)
DRV - (FiltUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emFilter.sys (eMPIA Technology, Inc.)
DRV - (FTD2XX [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (ScanUSBEMPIA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\emScan.sys (eMPIA Technology, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USB_RNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/31 18:42:40 | 00,000,000 | ---D | M]

[2008/05/08 20:53:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/05/14 18:50:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/05/14 18:50:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2008/05/08 20:53:19 | 00,001,728 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\onestep.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background (Research In Motion Limited)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe" (eSnips Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController (Pinnacle Systems)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Uninstall getPlus® for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp (NOS Microsystems Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Tech\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O4 - Startup: C:\Documents and Settings\Tech\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\Tech\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.co...IEGetPlugin.ocx (get_atlcom Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1210806279046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1210806561984 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/06 23:02:00 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tech\Desktop\OTListIt2.exe
[2009/04/06 22:44:53 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/06 22:32:53 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/04/06 22:31:58 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/04/06 22:30:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\Adobe Reader 9 Installer
[2009/04/06 22:27:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/04/06 22:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/04/06 21:50:39 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/04/03 00:18:37 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/02 23:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\GiPo@Utilities
[2009/04/02 23:19:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Gibinsoft Shared
[2009/04/02 22:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Malwarebytes
[2009/04/02 22:04:42 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/02 22:04:42 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/02 22:04:39 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/02 22:04:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/02 22:04:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/02 21:37:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/02 21:37:16 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/02 21:37:01 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\NTREGOPT.lnk
[2009/04/02 21:37:01 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\ERUNT.lnk
[2009/04/02 21:37:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/02 20:21:42 | 00,002,248 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Google Chrome.lnk
[2009/04/02 20:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tech\My Documents\Downloads
[2009/04/02 20:18:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Desktop\AntiMalware
[2009/03/31 18:49:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/30 21:50:59 | 00,026,496 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/03/30 21:47:13 | 00,001,846 | ---- | C] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/03/30 21:47:13 | 00,001,834 | ---- | C] () -- C:\Documents and Settings\Tech\Desktop\Desktop Manager.lnk
[2009/03/30 21:32:43 | 00,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MixPad.lnk
[2009/03/30 21:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\NCH Swift Sound
[2009/03/30 21:26:26 | 00,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/03/30 21:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tech\Application Data\Research In Motion
[2009/03/30 10:10:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/03/30 10:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/03/30 09:56:17 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/03/15 05:27:42 | 01,225,088 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0456.JPG
[2009/03/15 05:27:30 | 01,233,750 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0455.JPG
[2009/03/14 08:41:00 | 01,164,864 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0450.JPG
[2009/03/14 08:25:10 | 01,268,614 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0437.JPG
[2009/03/14 08:24:50 | 01,190,039 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0436.JPG
[2009/03/14 08:24:28 | 01,264,662 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0435.JPG
[2009/03/14 08:23:48 | 01,247,433 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0433.JPG
[2009/03/14 08:23:40 | 01,249,932 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0432.JPG
[2009/03/14 08:21:56 | 01,254,437 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0430.JPG
[2009/03/14 08:21:30 | 01,237,309 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0429.JPG
[2009/03/14 08:21:00 | 01,237,395 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0428.JPG
[2009/03/14 08:14:12 | 01,238,051 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0424.JPG
[2009/03/09 07:55:02 | 01,239,531 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0417.JPG
[2009/03/09 07:54:52 | 01,259,729 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0416.JPG
[2009/03/09 07:54:36 | 01,258,657 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0415.JPG
[2009/03/09 07:09:40 | 01,230,023 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0413.JPG
[2009/03/09 07:08:58 | 01,246,655 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0409.JPG
[2009/03/09 00:38:14 | 01,286,165 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0404.JPG
[2009/03/09 00:38:00 | 01,302,146 | ---- | C] () -- C:\Documents and Settings\Tech\My Documents\DSCI0403.JPG
[2008/09/03 20:37:47 | 00,043,008 | -HS- | C] () -- C:\WINDOWS\System32\migisibi.dll
[2008/06/02 14:21:57 | 00,000,089 | ---- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2008/05/08 03:03:38 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/12/18 20:34:56 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/12/18 20:34:56 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/12/18 12:56:48 | 00,000,062 | ---- | C] () -- C:\WINDOWS\Main.INI
[2007/11/22 22:01:56 | 00,001,785 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/22 17:39:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/25 20:34:26 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/01/03 18:02:23 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/01/03 17:58:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/29 14:11:12 | 00,185,856 | ---- | C] () -- C:\WINDOWS\System32\Bmp2Jpeg.dll
[2005/11/10 21:15:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/10 20:54:49 | 00,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/10 20:49:39 | 00,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/10 20:49:31 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/10 20:46:56 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/10 20:43:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/10 20:38:53 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/10 20:38:53 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/10 20:38:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/10 20:38:53 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/10 20:38:53 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/10 20:38:53 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/10 20:32:35 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/10 20:31:35 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/10 20:18:53 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/10 20:02:13 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/10 19:55:33 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/10 19:55:33 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/10 19:55:10 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 16:50:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 08:02:00 | 00,000,623 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/31 00:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/08/03 03:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/04/27 14:38:00 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/07/26 18:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 02:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/16 20:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL
[2001/07/07 02:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/06 23:02:08 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tech\Desktop\OTListIt2.exe
[2009/04/06 23:01:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/04/06 22:32:53 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/04/06 22:31:58 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/04/06 22:26:35 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/04/06 22:15:28 | 00,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/04/06 22:14:22 | 00,000,753 | ---- | M] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2009/04/06 22:12:20 | 00,017,324 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/04/06 22:11:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/06 22:11:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/06 22:11:46 | 10,051,13344 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/06 22:10:40 | 04,846,640 | -H-- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\IconCache.db
[2009/04/06 21:50:41 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Media Player.lnk
[2009/04/06 20:26:12 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 20:26:08 | 00,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/03 00:21:58 | 00,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/03 00:18:32 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/02 22:04:42 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/02 21:58:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/02 21:51:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/02 21:37:16 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/02 21:37:01 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\NTREGOPT.lnk
[2009/04/02 21:37:01 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\ERUNT.lnk
[2009/04/02 20:21:42 | 00,002,248 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Google Chrome.lnk
[2009/03/31 23:27:37 | 00,000,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
[2009/03/30 21:47:13 | 00,001,846 | ---- | M] () -- C:\Documents and Settings\Tech\Start Menu\Programs\Startup\Desktop Manager.lnk
[2009/03/30 21:47:13 | 00,001,834 | ---- | M] () -- C:\Documents and Settings\Tech\Desktop\Desktop Manager.lnk
[2009/03/30 21:32:43 | 00,000,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MixPad.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/20 11:00:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/03/19 10:01:09 | 00,002,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install Rhapsody.lnk
[2009/03/16 18:48:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/16 09:02:35 | 00,441,344 | -HS- | M] () -- C:\Documents and Settings\Tech\My Documents\Thumbs.db
[2009/03/15 17:42:16 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Tech\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/15 05:27:42 | 01,225,088 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0456.JPG
[2009/03/15 05:27:30 | 01,233,750 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0455.JPG
[2009/03/15 01:00:00 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/03/14 08:41:00 | 01,164,864 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0450.JPG
[2009/03/14 08:25:12 | 01,268,614 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0437.JPG
[2009/03/14 08:24:50 | 01,190,039 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0436.JPG
[2009/03/14 08:24:28 | 01,264,662 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0435.JPG
[2009/03/14 08:23:48 | 01,247,433 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0433.JPG
[2009/03/14 08:23:40 | 01,249,932 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0432.JPG
[2009/03/14 08:21:56 | 01,254,437 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0430.JPG
[2009/03/14 08:21:32 | 01,237,309 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0429.JPG
[2009/03/14 08:21:00 | 01,237,395 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0428.JPG
[2009/03/14 08:14:12 | 01,238,051 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0424.JPG
[2009/03/13 16:57:01 | 00,524,844 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/13 16:57:01 | 00,443,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/13 16:57:01 | 00,072,184 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/09 07:55:04 | 01,239,531 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0417.JPG
[2009/03/09 07:54:52 | 01,259,729 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0416.JPG
[2009/03/09 07:54:38 | 01,258,657 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0415.JPG
[2009/03/09 07:09:40 | 01,230,023 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0413.JPG
[2009/03/09 07:09:00 | 01,246,655 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0409.JPG
[2009/03/09 00:38:14 | 01,286,165 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0404.JPG
[2009/03/09 00:38:00 | 01,302,146 | ---- | M] () -- C:\Documents and Settings\Tech\My Documents\DSCI0403.JPG
< End of report >


Thanks in advance!!
  • 0

Advertisements

#2
rrush
Posted 08 April 2009 - 04:03 AM

rrush

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Update - I found the references under Current User,Run in the registry and removed them. Machine appears to be OK despite all of the crapware the user has installed and wants to keep. If you see anything in the log that needs fixed, let me know.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP